package com.disney.id.android.fingerprint;

import android.app.Activity;
import android.app.FragmentManager;
import android.app.KeyguardManager;
import android.content.Context;
import android.content.MutableContextWrapper;
import android.os.Build;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyPermanentlyInvalidatedException;
import android.support.annotation.VisibleForTesting;
import android.support.v4.hardware.fingerprint.FingerprintManagerCompat;
import android.support.v4.os.CancellationSignal;
import android.util.Base64;
import com.disney.id.android.DIDAuthenticatorUtils;
import com.disney.id.android.DIDLogger;
import com.disney.id.android.DIDSessionConfig;
import com.disney.id.android.localdata.DIDGuestDataStorageStrategy;
import com.disney.id.android.localdata.DIDGuestDataStorageStrategyFactory;
import com.disney.id.android.localdata.DIDLocalData;
import com.disney.id.android.log.DIDEventParams;
import com.disney.id.android.log.DIDTracker;
import com.disney.id.android.processor.DIDInternalElement;
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.util.Locale;
import java.util.concurrent.ExecutionException;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import org.json.JSONException;
import org.json.JSONObject;

@DIDInternalElement
/* loaded from: classes.dex */
public class DIDFingerprintSupport {
    private static final String ONEID_SECURE_KEY = "OneIDSecure";
    private static final String OPT_OUT_KEY = "touchOptOut";
    private static final String PASSWORD_KEY = "password";
    private static final String STATE_CANCELLED_BY_USER = "cancelled_by_user";
    private static final String STATE_NOT_INITIALIZED = "not_initialized";
    private static final String STATE_OPTED_OUT = "opted_out";
    private static final String STATE_SOCIAL_LOGIN = "social_login";
    private static final String STATE_SUCCESS = "success";
    private static final String TAG = "DIDFingerprintSupport";
    private static final String TOUCHID_STATE_KEY = "touchid_state";
    private static final String USERNAME_KEY = "username";
    private final FingerprintManagerCompat fingerprintManager;
    protected final FragmentManager fragmentManager;
    private final DIDGuestDataStorageStrategy guestDataStorageStrategy;
    private final KeyguardManager keyguardManager;

    public DIDFingerprintSupport(FingerprintManagerCompat fingerprintManagerCompat, KeyguardManager keyguardManager, FragmentManager fragmentManager, DIDGuestDataStorageStrategy dIDGuestDataStorageStrategy) {
        this.fingerprintManager = fingerprintManagerCompat;
        this.keyguardManager = keyguardManager;
        this.fragmentManager = fragmentManager;
        this.guestDataStorageStrategy = dIDGuestDataStorageStrategy;
        if (this.fragmentManager == null) {
            DIDLogger.w(TAG, "Fragment manager initialized to null.  Fingerprint authentication will not be possible.");
        }
        if (this.guestDataStorageStrategy == null) {
            DIDLogger.e(TAG, "Guest storage strategy initialized to null.  Fingerprint login will not be possible.");
        }
    }

    private Cipher authenticateAndEnableCipher(String str, FingerprintManagerCompat.CryptoObject cryptoObject) {
        if (this.fragmentManager == null) {
            DIDLogger.e(TAG, "Fragment manager not configured. Unable to show fingerprint dialog and authenticate.");
            return null;
        }
        DIDAuthenticationFuture dIDAuthenticationFuture = new DIDAuthenticationFuture(new CancellationSignal());
        DIDFingerprintDialog.getDialog(str, cryptoObject, dIDAuthenticationFuture).show(this.fragmentManager, DIDFingerprintDialog.class.getSimpleName());
        try {
            return dIDAuthenticationFuture.get();
        } catch (InterruptedException | ExecutionException e) {
            DIDLogger.wtf(TAG, "Authentication future failed.", e);
            return null;
        }
    }

    private void deleteKey() {
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            keyStore.deleteEntry(ONEID_SECURE_KEY);
        } catch (IOException | NoSuchAlgorithmException | CertificateException e) {
            DIDLogger.e(TAG, "Unable to load keystore.  Key not deleted.", e);
        } catch (KeyStoreException e2) {
            DIDLogger.e(TAG, "Error accessing keystore.  Key not deleted.", e2);
        }
    }

    public static DIDFingerprintSupport get(Context context) {
        FragmentManager fragmentManager = null;
        if (Build.VERSION.SDK_INT < 23) {
            DIDLogger.w(TAG, "Fingerprint is not supported on versions of Android prior to API 23");
            return null;
        }
        if (context instanceof MutableContextWrapper) {
            context = ((MutableContextWrapper) context).getBaseContext();
        }
        if (context instanceof Activity) {
            fragmentManager = ((Activity) context).getFragmentManager();
        } else {
            DIDLogger.e(TAG, "Unable to create FragmentManager.  Context used to initialize was not an Activity context.");
        }
        return new DIDFingerprintSupport(FingerprintManagerCompat.from(context), (KeyguardManager) context.getSystemService(KeyguardManager.class), fragmentManager, DIDGuestDataStorageStrategyFactory.getGuestDataStorageStrategy(context, DIDSessionConfig.getSSONamespace()));
    }

    private SecretKey retrieveKey(boolean z) {
        SecretKey secretKey = null;
        if (Build.VERSION.SDK_INT < 23) {
            return null;
        }
        try {
            KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
            keyStore.load(null);
            SecretKey secretKey2 = (SecretKey) keyStore.getKey(ONEID_SECURE_KEY, null);
            if (secretKey2 != null || !z) {
                return secretKey2;
            }
            try {
                KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", "AndroidKeyStore");
                keyGenerator.init(new KeyGenParameterSpec.Builder(ONEID_SECURE_KEY, 3).setBlockModes("CBC").setEncryptionPaddings("PKCS7Padding").setUserAuthenticationRequired(true).build());
                keyGenerator.generateKey();
                return (SecretKey) keyStore.getKey(ONEID_SECURE_KEY, null);
            } catch (IOException | NoSuchAlgorithmException | CertificateException e) {
                e = e;
                secretKey = secretKey2;
                DIDLogger.e(TAG, "Unable to load keystore", e);
                return secretKey;
            } catch (InvalidAlgorithmParameterException | NoSuchProviderException e2) {
                e = e2;
                secretKey = secretKey2;
                DIDLogger.e(TAG, "Unable to generate key", e);
                return secretKey;
            } catch (KeyStoreException e3) {
                e = e3;
                secretKey = secretKey2;
                DIDLogger.e(TAG, "Error accessing keystore", e);
                return secretKey;
            } catch (UnrecoverableKeyException e4) {
                e = e4;
                secretKey = secretKey2;
                DIDLogger.e(TAG, "Unable to retrieve key", e);
                return secretKey;
            }
        } catch (IOException | NoSuchAlgorithmException | CertificateException e5) {
            e = e5;
        } catch (InvalidAlgorithmParameterException | NoSuchProviderException e6) {
            e = e6;
        } catch (KeyStoreException e7) {
            e = e7;
        } catch (UnrecoverableKeyException e8) {
            e = e8;
        }
    }

    private void updateBridgeResponseAndCompleteTrackingWithError(JSONObject jSONObject, String str, DIDTracker dIDTracker, String str2) {
        try {
            jSONObject.put(TOUCHID_STATE_KEY, str);
        } catch (JSONException unused) {
        }
        dIDTracker.trackError(str2, null, "FAILURE_BY_DESIGN", String.format(Locale.US, "touchid(%s)", str));
        dIDTracker.logTimedEvent(str2, true);
    }

    /* JADX WARN: Removed duplicated region for block: B:11:0x0044 A[EXC_TOP_SPLITTER, SYNTHETIC] */
    /* JADX WARN: Removed duplicated region for block: B:16:0x0074  */
    /* JADX WARN: Removed duplicated region for block: B:32:? A[RETURN, SYNTHETIC] */
    /* JADX WARN: Removed duplicated region for block: B:40:? A[RETURN, SYNTHETIC] */
    @android.support.annotation.VisibleForTesting
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    boolean authenticateAndDecryptPassword(org.json.JSONObject r10) {
        /*
            r9 = this;
            int r0 = android.os.Build.VERSION.SDK_INT
            r1 = 0
            r2 = 23
            if (r0 < r2) goto Lb3
            javax.crypto.SecretKey r0 = r9.retrieveKey(r1)
            if (r0 == 0) goto Lad
            javax.crypto.Cipher r2 = r9.getCipher()
            java.lang.String r3 = "password"
            java.lang.String r3 = r10.optString(r3)
            boolean r4 = r3.isEmpty()
            r5 = 2
            r6 = 1
            r7 = 0
            if (r4 != 0) goto L40
            java.lang.String r4 = ":"
            java.lang.String[] r4 = r3.split(r4)
            int r8 = r4.length
            if (r8 != r5) goto L2e
            r3 = r4[r1]
            r4 = r4[r6]
            goto L42
        L2e:
            java.lang.String r2 = com.disney.id.android.fingerprint.DIDFingerprintSupport.TAG
            java.lang.String r4 = "Encrypted password is invalid.  Aborting. [%s]"
            java.lang.Object[] r8 = new java.lang.Object[r6]
            r8[r1] = r3
            java.lang.String r3 = java.lang.String.format(r4, r8)
            com.disney.id.android.DIDLogger.wtf(r2, r3)
            r2 = r7
            r3 = r2
            goto L41
        L40:
            r3 = r7
        L41:
            r4 = r3
        L42:
            if (r2 == 0) goto Lb3
            if (r3 == 0) goto L4d
            byte[] r3 = android.util.Base64.decode(r3, r1)     // Catch: java.lang.Throwable -> L4b android.security.keystore.KeyPermanentlyInvalidatedException -> L64
            goto L53
        L4b:
            r0 = move-exception
            goto L5c
        L4d:
            int r3 = r2.getBlockSize()     // Catch: java.lang.Throwable -> L4b android.security.keystore.KeyPermanentlyInvalidatedException -> L64
            byte[] r3 = new byte[r3]     // Catch: java.lang.Throwable -> L4b android.security.keystore.KeyPermanentlyInvalidatedException -> L64
        L53:
            javax.crypto.spec.IvParameterSpec r8 = new javax.crypto.spec.IvParameterSpec     // Catch: java.lang.Throwable -> L4b android.security.keystore.KeyPermanentlyInvalidatedException -> L64
            r8.<init>(r3)     // Catch: java.lang.Throwable -> L4b android.security.keystore.KeyPermanentlyInvalidatedException -> L64
            r2.init(r5, r0, r8)     // Catch: java.lang.Throwable -> L4b android.security.keystore.KeyPermanentlyInvalidatedException -> L64
            goto L72
        L5c:
            java.lang.String r2 = com.disney.id.android.fingerprint.DIDFingerprintSupport.TAG
            java.lang.String r3 = "Unable to initialize cipher.  Decryption is not possible"
            com.disney.id.android.DIDLogger.e(r2, r3, r0)
            goto L71
        L64:
            java.lang.String r0 = com.disney.id.android.fingerprint.DIDFingerprintSupport.TAG
            java.lang.String r2 = "Key permanently invalidated.  Decryption is not possible."
            com.disney.id.android.DIDLogger.e(r0, r2)
            java.lang.String r0 = "username"
            r10.remove(r0)
        L71:
            r2 = r7
        L72:
            if (r2 == 0) goto Lb3
            android.support.v4.hardware.fingerprint.FingerprintManagerCompat$CryptoObject r0 = new android.support.v4.hardware.fingerprint.FingerprintManagerCompat$CryptoObject
            r0.<init>(r2)
            java.lang.String r2 = "username"
            java.lang.String r2 = r10.optString(r2, r7)
            java.lang.String r2 = r9.maskEmailAddress(r2)
            javax.crypto.Cipher r2 = r9.authenticateAndEnableCipher(r2, r0)
            if (r2 == 0) goto Lb3
            if (r4 == 0) goto La2
            byte[] r2 = android.util.Base64.decode(r4, r1)     // Catch: java.lang.Throwable -> La4
            javax.crypto.Cipher r0 = r0.getCipher()     // Catch: java.lang.Throwable -> La4
            byte[] r0 = r0.doFinal(r2)     // Catch: java.lang.Throwable -> La4
            java.lang.String r2 = new java.lang.String     // Catch: java.lang.Throwable -> La4
            r2.<init>(r0)     // Catch: java.lang.Throwable -> La4
            java.lang.String r0 = "password"
            r10.put(r0, r2)     // Catch: java.lang.Throwable -> La4 java.lang.Throwable -> La4 org.json.JSONException -> Lb3
        La2:
            r1 = 1
            goto Lb3
        La4:
            r10 = move-exception
            java.lang.String r0 = com.disney.id.android.fingerprint.DIDFingerprintSupport.TAG
            java.lang.String r2 = "Decryption failed."
            com.disney.id.android.DIDLogger.e(r0, r2, r10)
            goto Lb3
        Lad:
            java.lang.String r0 = "username"
            r10.remove(r0)
        Lb3:
            return r1
        */
        throw new UnsupportedOperationException("Method not decompiled: com.disney.id.android.fingerprint.DIDFingerprintSupport.authenticateAndDecryptPassword(org.json.JSONObject):boolean");
    }

    public String encryptAfterAuthenticate(String str) {
        Cipher cipher;
        Cipher authenticateAndEnableCipher;
        if (Build.VERSION.SDK_INT < 23) {
            return null;
        }
        if (str == null || !isEnabledForDevice()) {
            DIDLogger.w(TAG, "Fingerprint authentication not available.  No encryption possible.");
            return null;
        }
        SecretKey retrieveKey = retrieveKey(true);
        if (retrieveKey == null || (cipher = getCipher()) == null) {
            return null;
        }
        boolean z = false;
        do {
            try {
                cipher.init(1, retrieveKey);
            } catch (KeyPermanentlyInvalidatedException e) {
                DIDLogger.i(TAG, "Key permanently invalidated.  Resetting key.");
                if (z) {
                    DIDLogger.i(TAG, "Failed to reset key.  Disabling encryption.", e);
                    deleteKey();
                    retrieveKey = null;
                    cipher = null;
                } else {
                    deleteKey();
                    retrieveKey = retrieveKey(true);
                    z = true;
                }
            } catch (InvalidKeyException e2) {
                DIDLogger.e(TAG, "Unable to initialize cipher", e2);
                cipher = null;
            }
            z = false;
        } while (z);
        if (cipher == null || (authenticateAndEnableCipher = authenticateAndEnableCipher(null, new FingerprintManagerCompat.CryptoObject(cipher))) == null) {
            return null;
        }
        try {
            byte[] doFinal = authenticateAndEnableCipher.doFinal(str.getBytes());
            return Base64.encodeToString(authenticateAndEnableCipher.getIV(), 0) + ":" + Base64.encodeToString(doFinal, 0);
        } catch (BadPaddingException | IllegalBlockSizeException e3) {
            DIDLogger.e(TAG, "Encryption failed.", e3);
            return null;
        }
    }

    public String getBridgeFingerprintResponse(Context context) {
        if (!isEnabledForDevice() || this.guestDataStorageStrategy == null) {
            return "";
        }
        DIDTracker dIDTracker = DIDTracker.getInstance(context);
        String correlationIdForNewTimedEvent = dIDTracker.correlationIdForNewTimedEvent(DIDEventParams.EVENT_VALUE_FINGERPRINT_LOGIN, false);
        JSONObject jSONObject = new JSONObject();
        if (isOptedOut()) {
            updateBridgeResponseAndCompleteTrackingWithError(jSONObject, STATE_OPTED_OUT, dIDTracker, correlationIdForNewTimedEvent);
        } else if (DIDAuthenticatorUtils.isAuthenticatedViaSocial(this.guestDataStorageStrategy)) {
            updateBridgeResponseAndCompleteTrackingWithError(jSONObject, STATE_SOCIAL_LOGIN, dIDTracker, correlationIdForNewTimedEvent);
        } else {
            JSONObject data = this.guestDataStorageStrategy.getData(DIDLocalData.getDataWithKeys("username", "password")).getData();
            String optString = data.optString("username");
            String optString2 = data.optString("password");
            if (optString.isEmpty() || optString2.isEmpty()) {
                updateBridgeResponseAndCompleteTrackingWithError(jSONObject, STATE_NOT_INITIALIZED, dIDTracker, correlationIdForNewTimedEvent);
            } else {
                try {
                    jSONObject.put("username", optString);
                } catch (JSONException unused) {
                }
                if (authenticateAndDecryptPassword(data)) {
                    String optString3 = data.optString("password");
                    if (optString3.isEmpty()) {
                        updateBridgeResponseAndCompleteTrackingWithError(jSONObject, STATE_NOT_INITIALIZED, dIDTracker, correlationIdForNewTimedEvent);
                    } else {
                        try {
                            jSONObject.put("password", optString3);
                            jSONObject.put(TOUCHID_STATE_KEY, "success");
                        } catch (JSONException unused2) {
                        }
                        dIDTracker.logTimedEvent(correlationIdForNewTimedEvent, true);
                    }
                } else if (data.has("username")) {
                    updateBridgeResponseAndCompleteTrackingWithError(jSONObject, STATE_CANCELLED_BY_USER, dIDTracker, correlationIdForNewTimedEvent);
                } else {
                    jSONObject.remove("username");
                    updateBridgeResponseAndCompleteTrackingWithError(jSONObject, STATE_NOT_INITIALIZED, dIDTracker, correlationIdForNewTimedEvent);
                }
            }
        }
        return jSONObject.toString();
    }

    @VisibleForTesting
    Cipher getCipher() {
        if (Build.VERSION.SDK_INT >= 23) {
            try {
                return Cipher.getInstance("AES/CBC/PKCS7Padding");
            } catch (NoSuchAlgorithmException | NoSuchPaddingException e) {
                DIDLogger.e(TAG, "Unable to retrieve instance of cipher", e);
            }
        }
        return null;
    }

    public boolean isEnabledForDevice() {
        return this.fingerprintManager != null && this.keyguardManager != null && Build.VERSION.SDK_INT >= 23 && this.fingerprintManager.isHardwareDetected() && this.fingerprintManager.hasEnrolledFingerprints() && this.keyguardManager.isKeyguardSecure();
    }

    public boolean isOptedOut() {
        if (this.guestDataStorageStrategy == null) {
            return false;
        }
        return this.guestDataStorageStrategy.getData(DIDLocalData.getDataWithKeys(OPT_OUT_KEY)).getData().optBoolean(OPT_OUT_KEY);
    }

    @VisibleForTesting
    String maskEmailAddress(String str) {
        String str2;
        if (str != null && str.contains("@")) {
            String[] split = str.split("@");
            if (split.length == 2 && split[0].length() > 0) {
                String str3 = split[0];
                int length = str3.length();
                if (length == 1) {
                    str2 = "*";
                } else {
                    str2 = str3.substring(0, length > 4 ? 3 : 1) + "****";
                }
                return str2 + "@" + split[1];
            }
        }
        return null;
    }
}
